Class action litigation claims administration firm Arden Claims Service is notifying about 139,000 individuals that their personal information was stolen during an October 2023 data breach.
The incident was discovered on October 17, when the firm noticed unusual activity in an email account. After securing the account, Arden Claims Service launched an investigation and discovered that a third-party “acquired certain data without authorization on or about October 3”.
The firm’s review of the stolen data was completed on August 6, 2024, and written notification letters were sent to the potentially impacted individuals on August 14.
The notification letter, a redacted copy of which was submitted to the Maine and Vermont Attorney General’s Offices, shows that the exfiltrated data included names in combination with other personally identifiable information.
While the firm did not share specific details on the compromised information in its new regulatory filing, it did say in a January submission with the Maine AGO that Social Security numbers were also stolen in the data breach.
Arden Claims Service told the Maine AGO that 138,890 individuals were potentially impacted by the incident.
The class action settlement administrator is providing the potentially affected individuals with free identity protection services, which include credit and dark web monitoring, an identity fraud loss reimbursement policy, and identity theft recovery services.
It is unclear whether the data breach was caused by an extortion group targeting Arden Claims Service. SecurityWeek has not seen any ransomware group taking responsibility for the incident.